Mark Glenister, a commercial solicitor with JPP Law, outlines some key considerations with contactless payment, your contracts with your payment processors and privacy policies.
Review payment processor contracts
When was the last time you reviewed your contract with your payment processor in detail to get a handle on your termination rights, payment holidays, your charges for refunds, failed transactions and taking payments in a safe and secure way?
Preventing fraud and protecting customer data at the point of payment is at the forefront of new laws coming in. Merchants of goods or services are going to be required to use systems or apps that require customers to go through a two-step process to authenticate their identity before payments are set up or taken. This is known as ‘strong customer authentication’ (SAC). While enforcement of anyone failing to set this up will not occur until March 2021, some larger payment processors have already implemented changes and your business may already be working within the rules. Nevertheless, it is a good idea to check what you need to do to ensure compliance.
Depending on the type of business you have and payments you need to process, there are several questions you should answer in order to determine what changes you may need to make to how you take payment for your goods or services:
- Can you take advantage of any exemptions from the new SCA rules, for example if you have a subscription-based model or your transaction values are predominantly low?
- Has your payment processor been in touch with you with their new SCA policies and how they are intended to work? If not, contact them to obtain an update from them.
The survival and success of a business post-Covid-19 may require compliance with stronger consumer rights in regard to cancellation or refunds. Handling a higher rate of returned goods or cancelled bookings will result in charges back to you from your payment processor. There could also be an increase in failed transactions and more administrative charges for your business to absorb.
With less cash exchanging hands and more contactless payments or online transactions occurring, a thorough review of your contracts will be a key step in mitigating these unnecessary and irrecoverable charges. It is important that these contracts are reviewed by an experienced lawyer to help you fully understand your rights.
Implications for customer privacy
Once you have completed a review of your payment processor contract, then the next thing to look at should be the impact on your data processing measures and privacy policy.
While you may not be required to obtain customer consent for their personal data to be passed onto a payment processor, knowing how your provider processes the data and what your obligations are in respect of using third parties is critical to being compliant with GDPR. Signing a data processing agreement is one such step that is a common requirement.
Following from your contract review, you may decide to change processor partners or find that your privacy policy needs amending. It is important to be transparent about who is processing the data, where it is stored, and how and why it is processed. Note that a lot of the larger processors have servers outside of the UK or European Economic Area and that would warrant more stringent procedures and measures to protect customer personal data.
Covid-related price changes and potential savings
The Chancellor’s VAT reduction on certain goods and services is one example of where you need to have systems in place to change pricing accurately and swiftly. You also need to be able to identify any opportunities for you to save your business some money or reclaim costs by checking and ensuring any pertinent changes are also reflected in your supplier agreements. Do not assume that your supplier has got their terms right and up to date, as not every business has the benefit of legal support or in-house resources to stay on top of all the changes.
For example, if a portion of a product you buy from a supplier is now subject to reduced VAT, you need to know this is reflected in the cost price you pay. Once again, a regular audit of your contracts is going to be good practice in the weeks and months ahead.
How we can help
It is important to analyse and keep on top of every link in your supply chain and business operations, not just to reaffirm your compliance with relevant laws but to identify where your business could also benefit.
We recommend reviewing payment processing contracts and privacy policies to ensure they are in line with the recent rules and upcoming legislation we are anticipating.
This article is for general information only and does not constitute legal or professional advice. Please note that the law may have changed since this article was published.